46. Name essential stakeholders of the internal audit function! Explain the interaction between them and the internal audit function!
47. Briefly explain the steps of audit planning (internal audit): Risk based planning versus mandatory audit fields!
Both types are reported to and approved by Board of Management
Risk-based audit planning:
1. Preparation of the audit (announcement of the audit)
2. Carry out the audit (meetings, systematic audit, sample checks)
3. Quality assurance process (final meetings, preparation of final audit report)
· Internal reconciliation
· External reconciliation
Mandatory audit fields:
1. Administration, Accounting, Control processes:
· Risk Management:§39 (2) Austrian Banking Act (BA)
· ICAAP: §39 a BA
· Remuneration: §39 b BA
· IRB / Art. 191 CRR (Capital Requirement Regulation)
· Internal model market risk/Art. 368 CRR
· Large exposures: Art. 387ff CRR
2. Control and security arrangements
· Compliance Organization: § 16, 18 SSA, § 48b SEA, SCC
3.Others
· Reporting requirements to FMA: §42 (4) 1 BA
· Money Laundering: §40 ff BA
Securities trading book: Art. 102 CRR
48. Briefly explain Material Misstatement and possible consequences thereof!
The risk that financial statement are materially misstated and do not represent the true and fair value. It leads to the economic loss of users of financial statements. It basically means that the information given in the financial statements is incorrect, meaning that what is written there is not actually there.
Consequences could have several forms and could impact different stakeholders. For investors, it could make the company look better than it really is, so they will lose in value if there are misstatements. For banks, as a loan granter, the company might also look better well-of than it really is, so the collateral for the loan could have smaller real value than presented in financial statements. Material Misstatements could lead to a very disastrous consequences if done in vast measures (i.e. Enron case), so they could influence the whole economies.
49. Explain Audits risks and how external auditors can mitigate them!
Audit risk is a function of material misstatement and detection risk, and stands for the risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated.
There are three types of audit risk, and namely inherent, control and detection risk. Inherent risk is the risk of misstatements or errors due to the nature of an organization and the business environment in which it operates. Control risk is the risk of misstatements due to the weaknesses or failures in an organization’s internal control system. Detection risk is the risk that audit procedures do not detect material misstatements.
Detection risk is the only element of audit risk that can be influenced by the auditors directly. To be able to assess the risk, and recognize any fraud and/or error external auditors must adopt an attitude of professional skepticism that a material misstatement due to fraud or error indeed exists. The risk assessment also includes a consideration on the extent to which the external auditor can reply on the work of internal audit with regard to:
- organizational status
- the technical competence of staff in the internal audit function
- whether or not internal audit is carried out with due professional care
- the effect of any constraints that are placed on internal audit by company management
Source: http://www.aat-interactive.org.uk/elearning/level4/External%20audit%20-%20planning%20and%20risk%20assessment.pdf